3.9-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 3 May 2013 22:27:26 +0000 (15:27 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 3 May 2013 22:27:26 +0000 (15:27 -0700)
added patches:
acpi-fix-wrong-parameter-passed-to-memblock_reserve.patch
acpi-thermal-do-not-always-return-thermal_trend_raising-for-active-trip-points.patch
asoc-max98088-fix-logging-of-hardware-revision.patch
cgroup-fix-an-off-by-one-bug-which-may-trigger-bug_on.patch
cgroup-fix-broken-file-xattrs.patch
clockevents-set-dummy-handler-on-cpu_dead-shutdown.patch
drivers-rtc-rtc-at91rm9200.c-fix-missing-iounmap.patch
drivers-rtc-rtc-cmos.c-don-t-disable-hpet-emulation-on-suspend.patch
exec-do-not-abuse-cred_guard_mutex-in-threadgroup_lock.patch
fs-dcache.c-add-cond_resched-to-shrink_dcache_parent.patch
hrtimer-add-expiry-time-overflow-check-in-hrtimer_interrupt.patch
hrtimer-fix-ktime_add_ns-overflow-on-32bit-architectures.patch
inotify-invalid-mask-should-return-a-error-number-but-not-set-it.patch
ipc-sysv-shared-memory-limited-to-8tib.patch
libata-acpi-make-ata_ap_acpi_handle-not-block.patch
localmodconfig-process-source-kconfig-files-as-they-are-found.patch
lockd-ensure-that-nlmclnt_block-resets-block-b_status-after-a-server-reboot.patch
md-bad-block-list-should-default-to-disabled.patch
md-ignore-discard-request-for-hard-disks-of-hybid-raid1-raid10-array.patch
mm-swap-mark-swap-pages-writeback-before-queueing-for-direct-io.patch
nfsd4-don-t-close-read-write-opens-too-soon.patch
nfsd-decode-and-send-64bit-time-values.patch
nfsd-don-t-run-get_file-if-nfs4_preprocess_stateid_op-return-error.patch
nfsd-use-kmem_cache_free-instead-of-kfree.patch
nfsv4-handle-nfs4err_delay-and-nfs4err_grace-in-nfs4_lock_delegation_recall.patch
nfsv4-handle-nfs4err_delay-and-nfs4err_grace-in-nfs4_open_delegation_recall.patch
sata_highbank-rename-proc_name-to-the-module-name.patch
swap-redirty-page-if-page-write-fails-on-swap-file.patch
wireless-regulatory-fix-channel-disabling-race-condition.patch

30 files changed:
queue-3.9/acpi-fix-wrong-parameter-passed-to-memblock_reserve.patch [new file with mode: 0644]
queue-3.9/acpi-thermal-do-not-always-return-thermal_trend_raising-for-active-trip-points.patch [new file with mode: 0644]
queue-3.9/asoc-max98088-fix-logging-of-hardware-revision.patch [new file with mode: 0644]
queue-3.9/cgroup-fix-an-off-by-one-bug-which-may-trigger-bug_on.patch [new file with mode: 0644]
queue-3.9/cgroup-fix-broken-file-xattrs.patch [new file with mode: 0644]
queue-3.9/clockevents-set-dummy-handler-on-cpu_dead-shutdown.patch [new file with mode: 0644]
queue-3.9/drivers-rtc-rtc-at91rm9200.c-fix-missing-iounmap.patch [new file with mode: 0644]
queue-3.9/drivers-rtc-rtc-cmos.c-don-t-disable-hpet-emulation-on-suspend.patch [new file with mode: 0644]
queue-3.9/exec-do-not-abuse-cred_guard_mutex-in-threadgroup_lock.patch [new file with mode: 0644]
queue-3.9/fs-dcache.c-add-cond_resched-to-shrink_dcache_parent.patch [new file with mode: 0644]
queue-3.9/hrtimer-add-expiry-time-overflow-check-in-hrtimer_interrupt.patch [new file with mode: 0644]
queue-3.9/hrtimer-fix-ktime_add_ns-overflow-on-32bit-architectures.patch [new file with mode: 0644]
queue-3.9/inotify-invalid-mask-should-return-a-error-number-but-not-set-it.patch [new file with mode: 0644]
queue-3.9/ipc-sysv-shared-memory-limited-to-8tib.patch [new file with mode: 0644]
queue-3.9/libata-acpi-make-ata_ap_acpi_handle-not-block.patch [new file with mode: 0644]
queue-3.9/localmodconfig-process-source-kconfig-files-as-they-are-found.patch [new file with mode: 0644]
queue-3.9/lockd-ensure-that-nlmclnt_block-resets-block-b_status-after-a-server-reboot.patch [new file with mode: 0644]
queue-3.9/md-bad-block-list-should-default-to-disabled.patch [new file with mode: 0644]
queue-3.9/md-ignore-discard-request-for-hard-disks-of-hybid-raid1-raid10-array.patch [new file with mode: 0644]
queue-3.9/mm-swap-mark-swap-pages-writeback-before-queueing-for-direct-io.patch [new file with mode: 0644]
queue-3.9/nfsd-decode-and-send-64bit-time-values.patch [new file with mode: 0644]
queue-3.9/nfsd-don-t-run-get_file-if-nfs4_preprocess_stateid_op-return-error.patch [new file with mode: 0644]
queue-3.9/nfsd-use-kmem_cache_free-instead-of-kfree.patch [new file with mode: 0644]
queue-3.9/nfsd4-don-t-close-read-write-opens-too-soon.patch [new file with mode: 0644]
queue-3.9/nfsv4-handle-nfs4err_delay-and-nfs4err_grace-in-nfs4_lock_delegation_recall.patch [new file with mode: 0644]
queue-3.9/nfsv4-handle-nfs4err_delay-and-nfs4err_grace-in-nfs4_open_delegation_recall.patch [new file with mode: 0644]
queue-3.9/sata_highbank-rename-proc_name-to-the-module-name.patch [new file with mode: 0644]
queue-3.9/series
queue-3.9/swap-redirty-page-if-page-write-fails-on-swap-file.patch [new file with mode: 0644]
queue-3.9/wireless-regulatory-fix-channel-disabling-race-condition.patch [new file with mode: 0644]

diff --git a/queue-3.9/acpi-fix-wrong-parameter-passed-to-memblock_reserve.patch b/queue-3.9/acpi-fix-wrong-parameter-passed-to-memblock_reserve.patch
new file mode 100644 (file)
index 0000000..f6498ff
--- /dev/null
@@ -0,0 +1,38 @@
+From a6432ded299726f123b93d0132fead200551535c Mon Sep 17 00:00:00 2001
+From: Wang YanQing <udknight@gmail.com>
+Date: Tue, 23 Apr 2013 01:19:19 +0200
+Subject: ACPI: Fix wrong parameter passed to memblock_reserve
+
+From: Wang YanQing <udknight@gmail.com>
+
+commit a6432ded299726f123b93d0132fead200551535c upstream.
+
+Commit 53aac44 (ACPI: Store valid ACPI tables passed via early initrd
+in reserved memblock areas) introduced acpi_initrd_override() that
+passes a wrong value as the second argument to memblock_reserve().
+
+Namely, the second argument of memblock_reserve() is the size of the
+region, not the address of the top of it, so make
+acpi_initrd_override() pass the size in there as appropriate.
+
+[rjw: Changelog]
+Signed-off-by: Wang YanQing <udknight@gmail.com>
+Acked-by: Yinghai Lu <yinghai@kernel.org>
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/acpi/osl.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/acpi/osl.c
++++ b/drivers/acpi/osl.c
+@@ -641,7 +641,7 @@ void __init acpi_initrd_override(void *d
+        * Both memblock_reserve and e820_add_region (via arch_reserve_mem_area)
+        * works fine.
+        */
+-      memblock_reserve(acpi_tables_addr, acpi_tables_addr + all_tables_size);
++      memblock_reserve(acpi_tables_addr, all_tables_size);
+       arch_reserve_mem_area(acpi_tables_addr, all_tables_size);
+       p = early_ioremap(acpi_tables_addr, all_tables_size);
diff --git a/queue-3.9/acpi-thermal-do-not-always-return-thermal_trend_raising-for-active-trip-points.patch b/queue-3.9/acpi-thermal-do-not-always-return-thermal_trend_raising-for-active-trip-points.patch
new file mode 100644 (file)
index 0000000..afabad6
--- /dev/null
@@ -0,0 +1,69 @@
+From 94a409319561ec1847fd9bf996a2d5843ad00932 Mon Sep 17 00:00:00 2001
+From: Zhang Rui <rui.zhang@intel.com>
+Date: Fri, 26 Apr 2013 09:19:53 +0000
+Subject: ACPI / thermal: do not always return THERMAL_TREND_RAISING for active trip points
+
+From: Zhang Rui <rui.zhang@intel.com>
+
+commit 94a409319561ec1847fd9bf996a2d5843ad00932 upstream.
+
+Commit 4ae46be "Thermal: Introduce thermal_zone_trip_update()"
+introduced a regression causing the fan to be always on even when
+the system is idle.
+
+My original idea in that commit is that:
+ - when the current temperature is above the trip point,
+   keep the fan on, even if the temperature is dropping.
+ - when the current temperature is below the trip point,
+   turn on the fan when the temperature is raising,
+   turn off the fan when the temperature is dropping.
+
+But this is what the code actually does:
+ - when the current temperature is above the trip point,
+   the fan keeps on.
+ - when the current temperature is below the trip point,
+   the fan is always on because thermal_get_trend()
+   in driver/acpi/thermal.c returns THERMAL_TREND_RAISING.
+Thus the fan keeps running even if the system is idle.
+
+Fix this in drivers/acpi/thermal.c.
+
+[rjw: Changelog]
+References: https://bugzilla.kernel.org/show_bug.cgi?id=56591
+References: https://bugzilla.kernel.org/show_bug.cgi?id=56601
+References: https://bugzilla.kernel.org/show_bug.cgi?id=50041#c45
+Signed-off-by: Zhang Rui <rui.zhang@intel.com>
+Tested-by: Matthias <morpheusxyz123@yahoo.de>
+Tested-by: Ville Syrjälä <syrjala@sci.fi>
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/acpi/thermal.c |   16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+--- a/drivers/acpi/thermal.c
++++ b/drivers/acpi/thermal.c
+@@ -723,9 +723,19 @@ static int thermal_get_trend(struct ther
+               return -EINVAL;
+       if (type == THERMAL_TRIP_ACTIVE) {
+-              /* aggressive active cooling */
+-              *trend = THERMAL_TREND_RAISING;
+-              return 0;
++              unsigned long trip_temp;
++              unsigned long temp = KELVIN_TO_MILLICELSIUS(tz->temperature,
++                                                      tz->kelvin_offset);
++              if (thermal_get_trip_temp(thermal, trip, &trip_temp))
++                      return -EINVAL;
++
++              if (temp > trip_temp) {
++                      *trend = THERMAL_TREND_RAISING;
++                      return 0;
++              } else {
++                      /* Fall back on default trend */
++                      return -EINVAL;
++              }
+       }
+       /*
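Review bot: In the `THERMAL_TRIP_ACTIVE` branch, `-EINVAL` is returned both when thermal_get_trip_temp() fails and, under `/* Fall back on default trend */`, when the temperature is at or below the trip point, so a real error and the deliberate fallback look the same to a reader. If a non-zero return is what makes the caller compute the trend itself, the comment should say so, e.g. `/* not above the trip point: return an error so the caller derives the trend itself */`. Separately, `temp` is `unsigned long`; if KELVIN_TO_MILLICELSIUS() can produce a negative value for a sub-zero reading (its definition is not in the hunk), the value would wrap and `temp > trip_temp` would always hold. thermal_get_trend() starts and ends outside the hunk.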
diff --git a/queue-3.9/asoc-max98088-fix-logging-of-hardware-revision.patch b/queue-3.9/asoc-max98088-fix-logging-of-hardware-revision.patch
new file mode 100644 (file)
index 0000000..c1b927e
--- /dev/null
@@ -0,0 +1,31 @@
+From 98682063549bedd6e2d2b6b7222f150c6fbce68c Mon Sep 17 00:00:00 2001
+From: Dylan Reid <dgreid@chromium.org>
+Date: Tue, 16 Apr 2013 20:02:34 -0700
+Subject: ASoC: max98088: Fix logging of hardware revision.
+
+From: Dylan Reid <dgreid@chromium.org>
+
+commit 98682063549bedd6e2d2b6b7222f150c6fbce68c upstream.
+
+The hardware revision of the codec is based at 0x40.  Subtract that
+before convering to ASCII.  The same as it is done for 98095.
+
+Signed-off-by: Dylan Reid <dgreid@chromium.org>
+Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/soc/codecs/max98088.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/sound/soc/codecs/max98088.c
++++ b/sound/soc/codecs/max98088.c
+@@ -2006,7 +2006,7 @@ static int max98088_probe(struct snd_soc
+                        ret);
+                goto err_access;
+        }
+-       dev_info(codec->dev, "revision %c\n", ret + 'A');
++       dev_info(codec->dev, "revision %c\n", ret - 0x40 + 'A');
+        snd_soc_write(codec, M98088_REG_51_PWR_SYS, M98088_PWRSV);
diff --git a/queue-3.9/cgroup-fix-an-off-by-one-bug-which-may-trigger-bug_on.patch b/queue-3.9/cgroup-fix-an-off-by-one-bug-which-may-trigger-bug_on.patch
new file mode 100644 (file)
index 0000000..47f959c
--- /dev/null
@@ -0,0 +1,36 @@
+From 3ac1707a13a3da9cfc8f242a15b2fae6df2c5f88 Mon Sep 17 00:00:00 2001
+From: Li Zefan <lizefan@huawei.com>
+Date: Tue, 12 Mar 2013 15:36:00 -0700
+Subject: cgroup: fix an off-by-one bug which may trigger BUG_ON()
+
+From: Li Zefan <lizefan@huawei.com>
+
+commit 3ac1707a13a3da9cfc8f242a15b2fae6df2c5f88 upstream.
+
+The 3rd parameter of flex_array_prealloc() is the number of elements,
+not the index of the last element.
+
+The effect of the bug is, when opening cgroup.procs, a flex array will
+be allocated and all elements of the array is allocated with
+GFP_KERNEL flag, but the last one is GFP_ATOMIC, and if we fail to
+allocate memory for it, it'll trigger a BUG_ON().
+
+Signed-off-by: Li Zefan <lizefan@huawei.com>
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/cgroup.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/cgroup.c
++++ b/kernel/cgroup.c
+@@ -2065,7 +2065,7 @@ static int cgroup_attach_proc(struct cgr
+       if (!group)
+               return -ENOMEM;
+       /* pre-allocate to guarantee space while iterating in rcu read-side. */
+-      retval = flex_array_prealloc(group, 0, group_size - 1, GFP_KERNEL);
++      retval = flex_array_prealloc(group, 0, group_size, GFP_KERNEL);
+       if (retval)
+               goto out_free_group_list;
diff --git a/queue-3.9/cgroup-fix-broken-file-xattrs.patch b/queue-3.9/cgroup-fix-broken-file-xattrs.patch
new file mode 100644 (file)
index 0000000..2a61c90
--- /dev/null
@@ -0,0 +1,105 @@
+From 712317ad97f41e738e1a19aa0a6392a78a84094e Mon Sep 17 00:00:00 2001
+From: Li Zefan <lizefan@huawei.com>
+Date: Thu, 18 Apr 2013 23:09:52 -0700
+Subject: cgroup: fix broken file xattrs
+
+From: Li Zefan <lizefan@huawei.com>
+
+commit 712317ad97f41e738e1a19aa0a6392a78a84094e upstream.
+
+We should store file xattrs in struct cfent instead of struct cftype,
+because cftype is a type while cfent is object instance of cftype.
+
+For example each cgroup has a tasks file, and each tasks file is
+associated with a uniq cfent, but all those files share the same
+struct cftype.
+
+Alexey Kodanev reported a crash, which can be reproduced:
+
+  # mount -t cgroup -o xattr /sys/fs/cgroup
+  # mkdir /sys/fs/cgroup/test
+  # setfattr -n trusted.value -v test_value /sys/fs/cgroup/tasks
+  # rmdir /sys/fs/cgroup/test
+  # umount /sys/fs/cgroup
+  oops!
+
+In this case, simple_xattrs_free() will free the same struct simple_xattrs
+twice.
+
+tj: Dropped unused local variable @cft from cgroup_diput().
+
+Reported-by: Alexey Kodanev <alexey.kodanev@oracle.com>
+Signed-off-by: Li Zefan <lizefan@huawei.com>
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/cgroup.h |    3 ---
+ kernel/cgroup.c        |   11 ++++++-----
+ 2 files changed, 6 insertions(+), 8 deletions(-)
+
+--- a/include/linux/cgroup.h
++++ b/include/linux/cgroup.h
+@@ -304,9 +304,6 @@ struct cftype {
+       /* CFTYPE_* flags */
+       unsigned int flags;
+-      /* file xattrs */
+-      struct simple_xattrs xattrs;
+-
+       int (*open)(struct inode *inode, struct file *file);
+       ssize_t (*read)(struct cgroup *cgrp, struct cftype *cft,
+                       struct file *file,
+--- a/kernel/cgroup.c
++++ b/kernel/cgroup.c
+@@ -162,6 +162,9 @@ struct cfent {
+       struct list_head                node;
+       struct dentry                   *dentry;
+       struct cftype                   *type;
++
++      /* file xattrs */
++      struct simple_xattrs            xattrs;
+ };
+ /*
+@@ -910,13 +913,12 @@ static void cgroup_diput(struct dentry *
+       } else {
+               struct cfent *cfe = __d_cfe(dentry);
+               struct cgroup *cgrp = dentry->d_parent->d_fsdata;
+-              struct cftype *cft = cfe->type;
+               WARN_ONCE(!list_empty(&cfe->node) &&
+                         cgrp != &cgrp->root->top_cgroup,
+                         "cfe still linked for %s\n", cfe->type->name);
++              simple_xattrs_free(&cfe->xattrs);
+               kfree(cfe);
+-              simple_xattrs_free(&cft->xattrs);
+       }
+       iput(inode);
+ }
+@@ -2551,7 +2553,7 @@ static struct simple_xattrs *__d_xattrs(
+       if (S_ISDIR(dentry->d_inode->i_mode))
+               return &__d_cgrp(dentry)->xattrs;
+       else
+-              return &__d_cft(dentry)->xattrs;
++              return &__d_cfe(dentry)->xattrs;
+ }
+ static inline int xattr_enabled(struct dentry *dentry)
+@@ -2727,8 +2729,6 @@ static int cgroup_add_file(struct cgroup
+       umode_t mode;
+       char name[MAX_CGROUP_TYPE_NAMELEN + MAX_CFTYPE_NAME + 2] = { 0 };
+-      simple_xattrs_init(&cft->xattrs);
+-
+       if (subsys && !test_bit(ROOT_NOPREFIX, &cgrp->root->flags)) {
+               strcpy(name, subsys->name);
+               strcat(name, ".");
+@@ -2753,6 +2753,7 @@ static int cgroup_add_file(struct cgroup
+               cfe->type = (void *)cft;
+               cfe->dentry = dentry;
+               dentry->d_fsdata = cfe;
++              simple_xattrs_init(&cfe->xattrs);
+               list_add_tail(&cfe->node, &parent->files);
+               cfe = NULL;
+       }
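Review bot: In the last cgroup_add_file() hunk, `simple_xattrs_init(&cfe->xattrs);` runs after `dentry->d_fsdata = cfe;`, so the cfent can be reached through the dentry before its xattr list is initialised. Placing the init before the `d_fsdata` store removes that window. The lock that serialises this against __d_xattrs() users is outside the hunk, so the current order may already be safe. Because the fix is about a double free of this structure, cgroup_diput() would also benefit from a short comment on the ordering, e.g. `/* xattrs are embedded in cfe: free them before kfree(cfe) */`.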
diff --git a/queue-3.9/clockevents-set-dummy-handler-on-cpu_dead-shutdown.patch b/queue-3.9/clockevents-set-dummy-handler-on-cpu_dead-shutdown.patch
new file mode 100644 (file)
index 0000000..630cc5f
--- /dev/null
@@ -0,0 +1,73 @@
+From 6f7a05d7018de222e40ca003721037a530979974 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Thu, 25 Apr 2013 11:45:53 +0200
+Subject: clockevents: Set dummy handler on CPU_DEAD shutdown
+
+From: Thomas Gleixner <tglx@linutronix.de>
+
+commit 6f7a05d7018de222e40ca003721037a530979974 upstream.
+
+Vitaliy reported that a per cpu HPET timer interrupt crashes the
+system during hibernation. What happens is that the per cpu HPET timer
+gets shut down when the nonboot cpus are stopped. When the nonboot
+cpus are onlined again the HPET code sets up the MSI interrupt which
+fires before the clock event device is registered. The event handler
+is still set to hrtimer_interrupt, which then crashes the machine due
+to highres mode not being active.
+
+See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700333
+
+There is no real good way to avoid that in the HPET code. The HPET
+code alrady has a mechanism to detect spurious interrupts when event
+handler == NULL for a similar reason.
+
+We can handle that in the clockevent/tick layer and replace the
+previous functional handler with a dummy handler like we do in
+tick_setup_new_device().
+
+The original clockevents code did this in clockevents_exchange_device(),
+but that got removed by commit 7c1e76897 (clockevents: prevent
+clockevent event_handler ending up handler_noop) which forgot to fix
+it up in tick_shutdown(). Same issue with the broadcast device.
+
+Reported-by: Vitaliy Fillipov <vitalif@yourcmc.ru>
+Cc: Ben Hutchings <ben@decadent.org.uk>
+Cc: 700333@bugs.debian.org
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/time/tick-broadcast.c |    4 ++++
+ kernel/time/tick-common.c    |    1 +
+ 2 files changed, 5 insertions(+)
+
+--- a/kernel/time/tick-broadcast.c
++++ b/kernel/time/tick-broadcast.c
+@@ -67,6 +67,8 @@ static void tick_broadcast_start_periodi
+  */
+ int tick_check_broadcast_device(struct clock_event_device *dev)
+ {
++      struct clock_event_device *cur = tick_broadcast_device.evtdev;
++
+       if ((dev->features & CLOCK_EVT_FEAT_DUMMY) ||
+           (tick_broadcast_device.evtdev &&
+            tick_broadcast_device.evtdev->rating >= dev->rating) ||
+@@ -74,6 +76,8 @@ int tick_check_broadcast_device(struct c
+               return 0;
+       clockevents_exchange_device(tick_broadcast_device.evtdev, dev);
++      if (cur)
++              cur->event_handler = clockevents_handle_noop;
+       tick_broadcast_device.evtdev = dev;
+       if (!cpumask_empty(tick_get_broadcast_mask()))
+               tick_broadcast_start_periodic(dev);
+--- a/kernel/time/tick-common.c
++++ b/kernel/time/tick-common.c
+@@ -323,6 +323,7 @@ static void tick_shutdown(unsigned int *
+                */
+               dev->mode = CLOCK_EVT_MODE_UNUSED;
+               clockevents_exchange_device(dev, NULL);
++              dev->event_handler = clockevents_handle_noop;
+               td->evtdev = NULL;
+       }
+       raw_spin_unlock_irqrestore(&tick_device_lock, flags);
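Review bot: Both added `event_handler = clockevents_handle_noop` assignments are uncommented, and the reason for them (an interrupt from a released device must not reach the old handler) is stated only in the commit message. A line such as `/* a released device may still fire; do not leave the old handler installed */` above the assignment in tick_shutdown() and in tick_check_broadcast_device() would keep a later cleanup from dropping them. In tick_check_broadcast_device() the new local `cur` is used only for the reset, while the condition and the clockevents_exchange_device() call still read `tick_broadcast_device.evtdev`. Using `cur` in all three places would show they refer to the same device.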
diff --git a/queue-3.9/drivers-rtc-rtc-at91rm9200.c-fix-missing-iounmap.patch b/queue-3.9/drivers-rtc-rtc-at91rm9200.c-fix-missing-iounmap.patch
new file mode 100644 (file)
index 0000000..1efeda1
--- /dev/null
@@ -0,0 +1,63 @@
+From 3427de92ac70a064098ff843c72ac76c420bb1cb Mon Sep 17 00:00:00 2001
+From: Johan Hovold <jhovold@gmail.com>
+Date: Mon, 29 Apr 2013 16:21:05 -0700
+Subject: drivers/rtc/rtc-at91rm9200.c: fix missing iounmap
+
+From: Johan Hovold <jhovold@gmail.com>
+
+commit 3427de92ac70a064098ff843c72ac76c420bb1cb upstream.
+
+Add missing iounmap to probe error path and remove.
+
+Signed-off-by: Johan Hovold <jhovold@gmail.com>
+Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/rtc/rtc-at91rm9200.c |   14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+--- a/drivers/rtc/rtc-at91rm9200.c
++++ b/drivers/rtc/rtc-at91rm9200.c
+@@ -297,7 +297,7 @@ static int __init at91_rtc_probe(struct
+                               "at91_rtc", pdev);
+       if (ret) {
+               dev_err(&pdev->dev, "IRQ %d already in use.\n", irq);
+-              return ret;
++              goto err_unmap;
+       }
+       /* cpu init code should really have flagged this device as
+@@ -309,13 +309,20 @@ static int __init at91_rtc_probe(struct
+       rtc = rtc_device_register(pdev->name, &pdev->dev,
+                               &at91_rtc_ops, THIS_MODULE);
+       if (IS_ERR(rtc)) {
+-              free_irq(irq, pdev);
+-              return PTR_ERR(rtc);
++              ret = PTR_ERR(rtc);
++              goto err_free_irq;
+       }
+       platform_set_drvdata(pdev, rtc);
+       dev_info(&pdev->dev, "AT91 Real Time Clock driver.\n");
+       return 0;
++
++err_free_irq:
++      free_irq(irq, pdev);
++err_unmap:
++      iounmap(at91_rtc_regs);
++
++      return ret;
+ }
+ /*
+@@ -332,6 +339,7 @@ static int __exit at91_rtc_remove(struct
+       free_irq(irq, pdev);
+       rtc_device_unregister(rtc);
++      iounmap(at91_rtc_regs);
+       platform_set_drvdata(pdev, NULL);
+       return 0;
diff --git a/queue-3.9/drivers-rtc-rtc-cmos.c-don-t-disable-hpet-emulation-on-suspend.patch b/queue-3.9/drivers-rtc-rtc-cmos.c-don-t-disable-hpet-emulation-on-suspend.patch
new file mode 100644 (file)
index 0000000..ccfe6fa
--- /dev/null
@@ -0,0 +1,53 @@
+From e005715efaf674660ae59af83b13822567e3a758 Mon Sep 17 00:00:00 2001
+From: Derek Basehore <dbasehore@chromium.org>
+Date: Mon, 29 Apr 2013 16:20:23 -0700
+Subject: drivers/rtc/rtc-cmos.c: don't disable hpet emulation on suspend
+
+From: Derek Basehore <dbasehore@chromium.org>
+
+commit e005715efaf674660ae59af83b13822567e3a758 upstream.
+
+There's a bug where rtc alarms are ignored after the rtc cmos suspends
+but before the system finishes suspend.  Since hpet emulation is
+disabled and it still handles the interrupts, a wake event is never
+registered which is done from the rtc layer.
+
+This patch reverts commit d1b2efa83fbf ("rtc: disable hpet emulation on
+suspend") which disabled hpet emulation.  To fix the problem mentioned
+in that commit, hpet_rtc_timer_init() is called directly on resume.
+
+Signed-off-by: Derek Basehore <dbasehore@chromium.org>
+Cc: Maxim Levitsky <maximlevitsky@gmail.com>
+Cc: "H. Peter Anvin" <hpa@zytor.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Ingo Molnar <mingo@elte.hu>
+Cc: "Rafael J. Wysocki" <rjw@sisk.pl>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/rtc/rtc-cmos.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/rtc/rtc-cmos.c
++++ b/drivers/rtc/rtc-cmos.c
+@@ -804,9 +804,8 @@ static int cmos_suspend(struct device *d
+                       mask = RTC_IRQMASK;
+               tmp &= ~mask;
+               CMOS_WRITE(tmp, RTC_CONTROL);
++              hpet_mask_rtc_irq_bit(mask);
+-              /* shut down hpet emulation - we don't need it for alarm */
+-              hpet_mask_rtc_irq_bit(RTC_PIE|RTC_AIE|RTC_UIE);
+               cmos_checkintr(cmos, tmp);
+       }
+       spin_unlock_irq(&rtc_lock);
+@@ -870,6 +869,7 @@ static int cmos_resume(struct device *de
+                       rtc_update_irq(cmos->rtc, 1, mask);
+                       tmp &= ~RTC_AIE;
+                       hpet_mask_rtc_irq_bit(RTC_AIE);
++                      hpet_rtc_timer_init();
+               } while (mask & RTC_AIE);
+               spin_unlock_irq(&rtc_lock);
+       }
diff --git a/queue-3.9/exec-do-not-abuse-cred_guard_mutex-in-threadgroup_lock.patch b/queue-3.9/exec-do-not-abuse-cred_guard_mutex-in-threadgroup_lock.patch
new file mode 100644 (file)
index 0000000..6d449d6
--- /dev/null
@@ -0,0 +1,107 @@
+From e56fb2874015370e3b7f8d85051f6dce26051df9 Mon Sep 17 00:00:00 2001
+From: Oleg Nesterov <oleg@redhat.com>
+Date: Tue, 30 Apr 2013 15:28:20 -0700
+Subject: exec: do not abuse ->cred_guard_mutex in threadgroup_lock()
+
+From: Oleg Nesterov <oleg@redhat.com>
+
+commit e56fb2874015370e3b7f8d85051f6dce26051df9 upstream.
+
+threadgroup_lock() takes signal->cred_guard_mutex to ensure that
+thread_group_leader() is stable.  This doesn't look nice, the scope of
+this lock in do_execve() is huge.
+
+And as Dave pointed out this can lead to deadlock, we have the
+following dependencies:
+
+       do_execve:              cred_guard_mutex -> i_mutex
+       cgroup_mount:           i_mutex -> cgroup_mutex
+       attach_task_by_pid:     cgroup_mutex -> cred_guard_mutex
+
+Change de_thread() to take threadgroup_change_begin() around the
+switch-the-leader code and change threadgroup_lock() to avoid
+->cred_guard_mutex.
+
+Note that de_thread() can't sleep with ->group_rwsem held, this can
+obviously deadlock with the exiting leader if the writer is active, so it
+does threadgroup_change_end() before schedule().
+
+Reported-by: Dave Jones <davej@redhat.com>
+Acked-by: Tejun Heo <tj@kernel.org>
+Acked-by: Li Zefan <lizefan@huawei.com>
+Signed-off-by: Oleg Nesterov <oleg@redhat.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/exec.c             |    3 +++
+ include/linux/sched.h |   18 ++++--------------
+ 2 files changed, 7 insertions(+), 14 deletions(-)
+
+--- a/fs/exec.c
++++ b/fs/exec.c
+@@ -898,11 +898,13 @@ static int de_thread(struct task_struct
+               sig->notify_count = -1; /* for exit_notify() */
+               for (;;) {
++                      threadgroup_change_begin(tsk);
+                       write_lock_irq(&tasklist_lock);
+                       if (likely(leader->exit_state))
+                               break;
+                       __set_current_state(TASK_KILLABLE);
+                       write_unlock_irq(&tasklist_lock);
++                      threadgroup_change_end(tsk);
+                       schedule();
+                       if (unlikely(__fatal_signal_pending(tsk)))
+                               goto killed;
+@@ -960,6 +962,7 @@ static int de_thread(struct task_struct
+               if (unlikely(leader->ptrace))
+                       __wake_up_parent(leader, leader->parent);
+               write_unlock_irq(&tasklist_lock);
++              threadgroup_change_end(tsk);
+               release_task(leader);
+       }
+--- a/include/linux/sched.h
++++ b/include/linux/sched.h
+@@ -2413,27 +2413,18 @@ static inline void threadgroup_change_en
+  *
+  * Lock the threadgroup @tsk belongs to.  No new task is allowed to enter
+  * and member tasks aren't allowed to exit (as indicated by PF_EXITING) or
+- * perform exec.  This is useful for cases where the threadgroup needs to
+- * stay stable across blockable operations.
++ * change ->group_leader/pid.  This is useful for cases where the threadgroup
++ * needs to stay stable across blockable operations.
+  *
+  * fork and exit paths explicitly call threadgroup_change_{begin|end}() for
+  * synchronization.  While held, no new task will be added to threadgroup
+  * and no existing live task will have its PF_EXITING set.
+  *
+- * During exec, a task goes and puts its thread group through unusual
+- * changes.  After de-threading, exclusive access is assumed to resources
+- * which are usually shared by tasks in the same group - e.g. sighand may
+- * be replaced with a new one.  Also, the exec'ing task takes over group
+- * leader role including its pid.  Exclude these changes while locked by
+- * grabbing cred_guard_mutex which is used to synchronize exec path.
++ * de_thread() does threadgroup_change_{begin|end}() when a non-leader
++ * sub-thread becomes a new leader.
+  */
+ static inline void threadgroup_lock(struct task_struct *tsk)
+ {
+-      /*
+-       * exec uses exit for de-threading nesting group_rwsem inside
+-       * cred_guard_mutex. Grab cred_guard_mutex first.
+-       */
+-      mutex_lock(&tsk->signal->cred_guard_mutex);
+       down_write(&tsk->signal->group_rwsem);
+ }
+@@ -2446,7 +2437,6 @@ static inline void threadgroup_lock(stru
+ static inline void threadgroup_unlock(struct task_struct *tsk)
+ {
+       up_write(&tsk->signal->group_rwsem);
+-      mutex_unlock(&tsk->signal->cred_guard_mutex);
+ }
+ #else
+ static inline void threadgroup_change_begin(struct task_struct *tsk) {}
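Review bot: In de_thread()'s wait loop the added `threadgroup_change_begin(tsk)` is dropped on the sleep path but stays held across the `break`, and its matching `threadgroup_change_end(tsk)` only appears in the second fs/exec.c hunk, after `write_unlock_irq(&tasklist_lock)`. Nothing in the code marks that pairing, and the lines between the two hunks are not visible here, so I cannot confirm that no other exit sits between them. I would add a comment at the `break`, e.g. `/* exits with the threadgroup change section and tasklist_lock held; both are dropped after the leader switch */`.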
diff --git a/queue-3.9/fs-dcache.c-add-cond_resched-to-shrink_dcache_parent.patch b/queue-3.9/fs-dcache.c-add-cond_resched-to-shrink_dcache_parent.patch
new file mode 100644 (file)
index 0000000..295e244
--- /dev/null
@@ -0,0 +1,112 @@
+From 421348f1ca0bf17769dee0aed4d991845ae0536d Mon Sep 17 00:00:00 2001
+From: Greg Thelen <gthelen@google.com>
+Date: Tue, 30 Apr 2013 15:26:48 -0700
+Subject: fs/dcache.c: add cond_resched() to shrink_dcache_parent()
+
+From: Greg Thelen <gthelen@google.com>
+
+commit 421348f1ca0bf17769dee0aed4d991845ae0536d upstream.
+
+Call cond_resched() in shrink_dcache_parent() to maintain interactivity.
+
+Before this patch:
+
+       void shrink_dcache_parent(struct dentry * parent)
+       {
+               while ((found = select_parent(parent, &dispose)) != 0)
+                       shrink_dentry_list(&dispose);
+       }
+
+select_parent() populates the dispose list with dentries which
+shrink_dentry_list() then deletes.  select_parent() carefully uses
+need_resched() to avoid doing too much work at once.  But neither
+shrink_dcache_parent() nor its called functions call cond_resched().  So
+once need_resched() is set select_parent() will return single dentry
+dispose list which is then deleted by shrink_dentry_list().  This is
+inefficient when there are a lot of dentry to process.  This can cause
+softlockup and hurts interactivity on non preemptable kernels.
+
+This change adds cond_resched() in shrink_dcache_parent().  The benefit
+of this is that need_resched() is quickly cleared so that future calls
+to select_parent() are able to efficiently return a big batch of dentry.
+
+These additional cond_resched() do not seem to impact performance, at
+least for the workload below.
+
+Here is a program which can cause soft lockup if other system activity
+sets need_resched().
+
+       int main()
+       {
+               struct rlimit rlim;
+               int i;
+               int f[100000];
+               char buf[20];
+               struct timeval t1, t2;
+               double diff;
+
+               /* cleanup past run */
+               system("rm -rf x");
+
+               /* boost nfile rlimit */
+               rlim.rlim_cur = 200000;
+               rlim.rlim_max = 200000;
+               if (setrlimit(RLIMIT_NOFILE, &rlim))
+                       err(1, "setrlimit");
+
+               /* make directory for files */
+               if (mkdir("x", 0700))
+                       err(1, "mkdir");
+
+               if (gettimeofday(&t1, NULL))
+                       err(1, "gettimeofday");
+
+               /* populate directory with open files */
+               for (i = 0; i < 100000; i++) {
+                       snprintf(buf, sizeof(buf), "x/%d", i);
+                       f[i] = open(buf, O_CREAT);
+                       if (f[i] == -1)
+                               err(1, "open");
+               }
+
+               /* close some of the files */
+               for (i = 0; i < 85000; i++)
+                       close(f[i]);
+
+               /* unlink all files, even open ones */
+               system("rm -rf x");
+
+               if (gettimeofday(&t2, NULL))
+                       err(1, "gettimeofday");
+
+               diff = (((double)t2.tv_sec * 1000000 + t2.tv_usec) -
+                       ((double)t1.tv_sec * 1000000 + t1.tv_usec));
+
+               printf("done: %g elapsed\n", diff/1e6);
+               return 0;
+       }
+
+Signed-off-by: Greg Thelen <gthelen@google.com>
+Signed-off-by: Dave Chinner <david@fromorbit.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/dcache.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/fs/dcache.c
++++ b/fs/dcache.c
+@@ -1230,8 +1230,10 @@ void shrink_dcache_parent(struct dentry
+       LIST_HEAD(dispose);
+       int found;
+-      while ((found = select_parent(parent, &dispose)) != 0)
++      while ((found = select_parent(parent, &dispose)) != 0) {
+               shrink_dentry_list(&dispose);
++              cond_resched();
++      }
+ }
+ EXPORT_SYMBOL(shrink_dcache_parent);
diff --git a/queue-3.9/hrtimer-add-expiry-time-overflow-check-in-hrtimer_interrupt.patch b/queue-3.9/hrtimer-add-expiry-time-overflow-check-in-hrtimer_interrupt.patch
new file mode 100644 (file)
index 0000000..61b8f58
--- /dev/null
@@ -0,0 +1,82 @@
+From 8f294b5a139ee4b75e890ad5b443c93d1e558a8b Mon Sep 17 00:00:00 2001
+From: Prarit Bhargava <prarit@redhat.com>
+Date: Mon, 8 Apr 2013 08:47:15 -0400
+Subject: hrtimer: Add expiry time overflow check in hrtimer_interrupt
+
+From: Prarit Bhargava <prarit@redhat.com>
+
+commit 8f294b5a139ee4b75e890ad5b443c93d1e558a8b upstream.
+
+The settimeofday01 test in the LTP testsuite effectively does
+
+        gettimeofday(current time);
+        settimeofday(Jan 1, 1970 + 100 seconds);
+        settimeofday(current time);
+
+This test causes a stack trace to be displayed on the console during the
+setting of timeofday to Jan 1, 1970 + 100 seconds:
+
+[  131.066751] ------------[ cut here ]------------
+[  131.096448] WARNING: at kernel/time/clockevents.c:209 clockevents_program_event+0x135/0x140()
+[  131.104935] Hardware name: Dinar
+[  131.108150] Modules linked in: sg nfsv3 nfs_acl nfsv4 auth_rpcgss nfs dns_resolver fscache lockd sunrpc nf_conntrack_netbios_ns nf_conntrack_broadcast ipt_MASQUERADE ip6table_mangle ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 iptable_nat nf_nat_ipv4 nf_nat iptable_mangle ipt_REJECT nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter ip_tables kvm_amd kvm sp5100_tco bnx2 i2c_piix4 crc32c_intel k10temp fam15h_power ghash_clmulni_intel amd64_edac_mod pcspkr serio_raw edac_mce_amd edac_core microcode xfs libcrc32c sr_mod sd_mod cdrom ata_generic crc_t10dif pata_acpi radeon i2c_algo_bit drm_kms_helper ttm drm ahci pata_atiixp libahci libata usb_storage i2c_core dm_mirror dm_region_hash dm_log dm_mod
+[  131.176784] Pid: 0, comm: swapper/28 Not tainted 3.8.0+ #6
+[  131.182248] Call Trace:
+[  131.184684]  <IRQ>  [<ffffffff810612af>] warn_slowpath_common+0x7f/0xc0
+[  131.191312]  [<ffffffff8106130a>] warn_slowpath_null+0x1a/0x20
+[  131.197131]  [<ffffffff810b9fd5>] clockevents_program_event+0x135/0x140
+[  131.203721]  [<ffffffff810bb584>] tick_program_event+0x24/0x30
+[  131.209534]  [<ffffffff81089ab1>] hrtimer_interrupt+0x131/0x230
+[  131.215437]  [<ffffffff814b9600>] ? cpufreq_p4_target+0x130/0x130
+[  131.221509]  [<ffffffff81619119>] smp_apic_timer_interrupt+0x69/0x99
+[  131.227839]  [<ffffffff8161805d>] apic_timer_interrupt+0x6d/0x80
+[  131.233816]  <EOI>  [<ffffffff81099745>] ? sched_clock_cpu+0xc5/0x120
+[  131.240267]  [<ffffffff814b9ff0>] ? cpuidle_wrap_enter+0x50/0xa0
+[  131.246252]  [<ffffffff814b9fe9>] ? cpuidle_wrap_enter+0x49/0xa0
+[  131.252238]  [<ffffffff814ba050>] cpuidle_enter_tk+0x10/0x20
+[  131.257877]  [<ffffffff814b9c89>] cpuidle_idle_call+0xa9/0x260
+[  131.263692]  [<ffffffff8101c42f>] cpu_idle+0xaf/0x120
+[  131.268727]  [<ffffffff815f8971>] start_secondary+0x255/0x257
+[  131.274449] ---[ end trace 1151a50552231615 ]---
+
+When we change the system time to a low value like this, the value of
+timekeeper->offs_real will be a negative value.
+
+It seems that the WARN occurs because an hrtimer has been started in the time
+between the releasing of the timekeeper lock and the IPI call (via a call to
+on_each_cpu) in clock_was_set() in the do_settimeofday() code.  The end result
+is that a REALTIME_CLOCK timer has been added with softexpires = expires =
+KTIME_MAX.  The hrtimer_interrupt() fires/is called and the loop at
+kernel/hrtimer.c:1289 is executed.  In this loop the code subtracts the
+clock base's offset (which was set to timekeeper->offs_real in
+do_settimeofday()) from the current hrtimer_cpu_base->expiry value (which
+was KTIME_MAX):
+
+       KTIME_MAX - (a negative value) = overflow
+
+A simple check for an overflow can resolve this problem.  Using KTIME_MAX
+instead of the overflow value will result in the hrtimer function being run,
+and the reprogramming of the timer after that.
+
+Reviewed-by: Rik van Riel <riel@redhat.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Prarit Bhargava <prarit@redhat.com>
+[jstultz: Tweaked commit subject]
+Signed-off-by: John Stultz <john.stultz@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/hrtimer.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/kernel/hrtimer.c
++++ b/kernel/hrtimer.c
+@@ -1314,6 +1314,8 @@ retry:
+                               expires = ktime_sub(hrtimer_get_expires(timer),
+                                                   base->offset);
++                              if (expires.tv64 < 0)
++                                      expires.tv64 = KTIME_MAX;
+                               if (expires.tv64 < expires_next.tv64)
+                                       expires_next = expires;
+                               break;
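Review bot: The added `if (expires.tv64 < 0)` clamp in kernel/hrtimer.c has no comment, and the test cannot tell a wrapped subtraction from a result that is negative without any wrap; both become KTIME_MAX. The description covers only the case of KTIME_MAX minus a negative offset, so the check should say so, for example `/* expiry minus a negative base->offset can wrap; treat a negative result as KTIME_MAX */`. Whether a legitimately negative `expires` can reach this point is not visible, because the `retry:` loop starts and ends outside the hunk, so that case should be confirmed before relying on the clamp.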
diff --git a/queue-3.9/hrtimer-fix-ktime_add_ns-overflow-on-32bit-architectures.patch b/queue-3.9/hrtimer-fix-ktime_add_ns-overflow-on-32bit-architectures.patch
new file mode 100644 (file)
index 0000000..1318f68
--- /dev/null
@@ -0,0 +1,54 @@
+From 51fd36f3fad8447c487137ae26b9d0b3ce77bb25 Mon Sep 17 00:00:00 2001
+From: David Engraf <david.engraf@sysgo.com>
+Date: Tue, 19 Mar 2013 13:29:55 +0100
+Subject: hrtimer: Fix ktime_add_ns() overflow on 32bit architectures
+
+From: David Engraf <david.engraf@sysgo.com>
+
+commit 51fd36f3fad8447c487137ae26b9d0b3ce77bb25 upstream.
+
+One can trigger an overflow when using ktime_add_ns() on a 32bit
+architecture not supporting CONFIG_KTIME_SCALAR.
+
+When passing a very high value for u64 nsec, e.g. 7881299347898368000
+the do_div() function converts this value to seconds (7881299347) which
+is still to high to pass to the ktime_set() function as long. The result
+in is a negative value.
+
+The problem on my system occurs in the tick-sched.c,
+tick_nohz_stop_sched_tick() when time_delta is set to
+timekeeping_max_deferment(). The check for time_delta < KTIME_MAX is
+valid, thus ktime_add_ns() is called with a too large value resulting in
+a negative expire value. This leads to an endless loop in the ticker code:
+
+time_delta: 7881299347898368000
+expires = ktime_add_ns(last_update, time_delta)
+expires: negative value
+
+This fix caps the value to KTIME_MAX.
+
+This error doesn't occurs on 64bit or architectures supporting
+CONFIG_KTIME_SCALAR (e.g. ARM, x86-32).
+
+Signed-off-by: David Engraf <david.engraf@sysgo.com>
+[jstultz: Minor tweaks to commit message & header]
+Signed-off-by: John Stultz <john.stultz@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/hrtimer.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/kernel/hrtimer.c
++++ b/kernel/hrtimer.c
+@@ -276,6 +276,10 @@ ktime_t ktime_add_ns(const ktime_t kt, u
+       } else {
+               unsigned long rem = do_div(nsec, NSEC_PER_SEC);
++              /* Make sure nsec fits into long */
++              if (unlikely(nsec > KTIME_SEC_MAX))
++                      return (ktime_t){ .tv64 = KTIME_MAX };
++
+               tmp = ktime_set((long)nsec, rem);
+       }
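Review bot: The new comment `/* Make sure nsec fits into long */` is misleading, because after `do_div(nsec, NSEC_PER_SEC)` the variable holds whole seconds, and it is that seconds count which is compared with KTIME_SEC_MAX. I would word it `/* nsec now holds seconds; cap it so the (long) cast below cannot go negative */`. The early return also discards `kt`, which is fine for a saturating result but worth stating in the same comment. The addition of `tmp` to `kt` happens after the hunk ends, so whether that sum is bounded as well should be confirmed.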
diff --git a/queue-3.9/inotify-invalid-mask-should-return-a-error-number-but-not-set-it.patch b/queue-3.9/inotify-invalid-mask-should-return-a-error-number-but-not-set-it.patch
new file mode 100644 (file)
index 0000000..a38b3cb
--- /dev/null
@@ -0,0 +1,67 @@
+From 04df32fa10ab9a6f0643db2949d42efc966bc844 Mon Sep 17 00:00:00 2001
+From: Zhao Hongjiang <zhaohongjiang@huawei.com>
+Date: Tue, 30 Apr 2013 15:26:46 -0700
+Subject: inotify: invalid mask should return a error number but not set it
+
+From: Zhao Hongjiang <zhaohongjiang@huawei.com>
+
+commit 04df32fa10ab9a6f0643db2949d42efc966bc844 upstream.
+
+When we run the crackerjack testsuite, the inotify_add_watch test is
+stalled.
+
+This is caused by the invalid mask 0 - the task is waiting for the event
+but it never comes.  inotify_add_watch() should return -EINVAL as it did
+before commit 676a0675cf92 ("inotify: remove broken mask checks causing
+unmount to be EINVAL").  That commit removes the invalid mask check, but
+that check is needed.
+
+Check the mask's ALL_INOTIFY_BITS before the inotify_arg_to_mask() call.
+If none are set, just return -EINVAL.
+
+Because IN_UNMOUNT is in ALL_INOTIFY_BITS, this change will not trigger
+the problem that above commit fixed.
+
+[akpm@linux-foundation.org: fix build]
+Signed-off-by: Zhao Hongjiang <zhaohongjiang@huawei.com>
+Acked-by: Jim Somerville <Jim.Somerville@windriver.com>
+Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
+Cc: Jerome Marchand <jmarchan@redhat.com>
+Cc: Eric Paris <eparis@parisplace.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/notify/inotify/inotify_user.c |    6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/fs/notify/inotify/inotify_user.c
++++ b/fs/notify/inotify/inotify_user.c
+@@ -572,7 +572,6 @@ static int inotify_update_existing_watch
+       int add = (arg & IN_MASK_ADD);
+       int ret;
+-      /* don't allow invalid bits: we don't want flags set */
+       mask = inotify_arg_to_mask(arg);
+       fsn_mark = fsnotify_find_inode_mark(group, inode);
+@@ -623,7 +622,6 @@ static int inotify_new_watch(struct fsno
+       struct idr *idr = &group->inotify_data.idr;
+       spinlock_t *idr_lock = &group->inotify_data.idr_lock;
+-      /* don't allow invalid bits: we don't want flags set */
+       mask = inotify_arg_to_mask(arg);
+       tmp_i_mark = kmem_cache_alloc(inotify_inode_mark_cachep, GFP_KERNEL);
+@@ -751,6 +749,10 @@ SYSCALL_DEFINE3(inotify_add_watch, int,
+       int ret;
+       unsigned flags = 0;
++      /* don't allow invalid bits: we don't want flags set */
++      if (unlikely(!(mask & ALL_INOTIFY_BITS)))
++              return -EINVAL;
++
+       f = fdget(fd);
+       if (unlikely(!f.file))
+               return -EBADF;
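Review bot: The comment moved into `inotify_add_watch`, `/* don't allow invalid bits: we don't want flags set */`, does not describe the check under it: `!(mask & ALL_INOTIFY_BITS)` rejects only a mask with none of those bits set, so a mask that mixes one valid bit with unknown bits is still accepted. A more accurate comment would be `/* reject a mask that has none of ALL_INOTIFY_BITS set */`. If ALL_INOTIFY_BITS also covers modifier flags and not just events (its definition is outside the hunk), a mask holding only such a flag passes this test and may still leave the caller waiting for an event that never arrives; that is worth confirming. Placing the test before `fdget(fd)` is right, since the early return then has no reference to drop.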
diff --git a/queue-3.9/ipc-sysv-shared-memory-limited-to-8tib.patch b/queue-3.9/ipc-sysv-shared-memory-limited-to-8tib.patch
new file mode 100644 (file)
index 0000000..a7e9663
--- /dev/null
@@ -0,0 +1,60 @@
+From d69f3bad4675ac519d41ca2b11e1c00ca115cecd Mon Sep 17 00:00:00 2001
+From: Robin Holt <holt@sgi.com>
+Date: Tue, 30 Apr 2013 19:15:54 -0700
+Subject: ipc: sysv shared memory limited to 8TiB
+
+From: Robin Holt <holt@sgi.com>
+
+commit d69f3bad4675ac519d41ca2b11e1c00ca115cecd upstream.
+
+Trying to run an application which was trying to put data into half of
+memory using shmget(), we found that having a shmall value below 8EiB-8TiB
+would prevent us from using anything more than 8TiB.  By setting
+kernel.shmall greater than 8EiB-8TiB would make the job work.
+
+In the newseg() function, ns->shm_tot which, at 8TiB is INT_MAX.
+
+ipc/shm.c:
+ 458 static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
+ 459 {
+...
+ 465         int numpages = (size + PAGE_SIZE -1) >> PAGE_SHIFT;
+...
+ 474         if (ns->shm_tot + numpages > ns->shm_ctlall)
+ 475                 return -ENOSPC;
+
+[akpm@linux-foundation.org: make ipc/shm.c:newseg()'s numpages size_t, not int]
+Signed-off-by: Robin Holt <holt@sgi.com>
+Reported-by: Alex Thorlton <athorlton@sgi.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/ipc_namespace.h |    2 +-
+ ipc/shm.c                     |    2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/include/linux/ipc_namespace.h
++++ b/include/linux/ipc_namespace.h
+@@ -43,8 +43,8 @@ struct ipc_namespace {
+       size_t          shm_ctlmax;
+       size_t          shm_ctlall;
++      unsigned long   shm_tot;
+       int             shm_ctlmni;
+-      int             shm_tot;
+       /*
+        * Defines whether IPC_RMID is forced for _all_ shm segments regardless
+        * of shmctl()
+--- a/ipc/shm.c
++++ b/ipc/shm.c
+@@ -462,7 +462,7 @@ static int newseg(struct ipc_namespace *
+       size_t size = params->u.size;
+       int error;
+       struct shmid_kernel *shp;
+-      int numpages = (size + PAGE_SIZE -1) >> PAGE_SHIFT;
++      size_t numpages = (size + PAGE_SIZE - 1) >> PAGE_SHIFT;
+       struct file * file;
+       char name[13];
+       int id;
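Review bot: With `shm_tot` now `unsigned long` and `numpages` now `size_t`, the limit test quoted in the description, `ns->shm_tot + numpages > ns->shm_ctlall`, becomes an unsigned addition that wraps silently, and a wrapped sum would pass the limit. That comparison is outside the hunk, so this needs confirming, but a guard such as `if (ns->shm_tot + numpages < ns->shm_tot || ns->shm_tot + numpages > ns->shm_ctlall)` would close it. The same applies to `size + PAGE_SIZE - 1` for a `size` close to the maximum, unless an earlier bound on `size` (not visible here) rules it out. Other readers of `shm_tot` that still store or print it as `int` would also need checking after the type change.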
diff --git a/queue-3.9/libata-acpi-make-ata_ap_acpi_handle-not-block.patch b/queue-3.9/libata-acpi-make-ata_ap_acpi_handle-not-block.patch
new file mode 100644 (file)
index 0000000..4316ac0
--- /dev/null
@@ -0,0 +1,130 @@
+From d66af4df0837f21bf267305dc5ccab2d29e24d86 Mon Sep 17 00:00:00 2001
+From: Aaron Lu <aaron.lu@intel.com>
+Date: Sat, 27 Apr 2013 09:33:07 +0800
+Subject: libata: acpi: make ata_ap_acpi_handle not block
+
+From: Aaron Lu <aaron.lu@intel.com>
+
+commit d66af4df0837f21bf267305dc5ccab2d29e24d86 upstream.
+
+Since commit 30dcf76acc, ata_ap_acpi_handle will always do a namespace
+walk, which requires acquiring an acpi namespace mutex. This made it
+impossible to be used when calling path has held a spinlock.
+
+For example, it can occur in the following code path for pata_acpi:
+ata_scsi_queuecmd (ap->lock is acquired)
+  __ata_scsi_queuecmd
+    ata_scsi_translate
+      ata_qc_issue
+        pacpi_qc_issue
+          ata_acpi_stm
+            ata_ap_acpi_handle
+              acpi_get_child
+                acpi_walk_namespace
+                  acpi_ut_acquire_mutex (acquire mutex while holding lock)
+This caused scheduling while atomic bug, as reported in bug #56781.
+
+Actually, ata_ap_acpi_handle doesn't have to walk the namespace every
+time it is called, it can simply return the bound acpi handle on the
+corresponding SCSI host. The reason previously it is not done this way
+is, ata_ap_acpi_handle is used in the binding function
+ata_acpi_bind_host by ata_acpi_gtm when the handle is not bound to the
+SCSI host yet. Since we already have the ATA port's handle in its
+binding function, we can simply use it instead of calling
+ata_ap_acpi_handle there. So introduce a new function __ata_acpi_gtm,
+where it will receive an acpi handle param in addition to the ATA port
+which is solely used for debug statement. With this change, we can make
+ata_ap_acpi_handle simply return the bound handle for SCSI host instead
+of walking the acpi namespace now.
+
+Buglink: https://bugzilla.kernel.org/show_bug.cgi?id=56781
+Reported-and-tested-by: <kenzopl@o2.pl>
+Signed-off-by: Aaron Lu <aaron.lu@intel.com>
+Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/ata/libata-acpi.c |   45 +++++++++++++++++++++++++++------------------
+ 1 file changed, 27 insertions(+), 18 deletions(-)
+
+--- a/drivers/ata/libata-acpi.c
++++ b/drivers/ata/libata-acpi.c
+@@ -61,7 +61,8 @@ acpi_handle ata_ap_acpi_handle(struct at
+       if (ap->flags & ATA_FLAG_ACPI_SATA)
+               return NULL;
+-      return acpi_get_child(DEVICE_ACPI_HANDLE(ap->host->dev), ap->port_no);
++      return ap->scsi_host ?
++              DEVICE_ACPI_HANDLE(&ap->scsi_host->shost_gendev) : NULL;
+ }
+ EXPORT_SYMBOL(ata_ap_acpi_handle);
+@@ -240,28 +241,15 @@ void ata_acpi_dissociate(struct ata_host
+       }
+ }
+-/**
+- * ata_acpi_gtm - execute _GTM
+- * @ap: target ATA port
+- * @gtm: out parameter for _GTM result
+- *
+- * Evaluate _GTM and store the result in @gtm.
+- *
+- * LOCKING:
+- * EH context.
+- *
+- * RETURNS:
+- * 0 on success, -ENOENT if _GTM doesn't exist, -errno on failure.
+- */
+-int ata_acpi_gtm(struct ata_port *ap, struct ata_acpi_gtm *gtm)
++static int __ata_acpi_gtm(struct ata_port *ap, acpi_handle handle,
++                        struct ata_acpi_gtm *gtm)
+ {
+       struct acpi_buffer output = { .length = ACPI_ALLOCATE_BUFFER };
+       union acpi_object *out_obj;
+       acpi_status status;
+       int rc = 0;
+-      status = acpi_evaluate_object(ata_ap_acpi_handle(ap), "_GTM", NULL,
+-                                    &output);
++      status = acpi_evaluate_object(handle, "_GTM", NULL, &output);
+       rc = -ENOENT;
+       if (status == AE_NOT_FOUND)
+@@ -295,6 +283,27 @@ int ata_acpi_gtm(struct ata_port *ap, st
+       return rc;
+ }
++/**
++ * ata_acpi_gtm - execute _GTM
++ * @ap: target ATA port
++ * @gtm: out parameter for _GTM result
++ *
++ * Evaluate _GTM and store the result in @gtm.
++ *
++ * LOCKING:
++ * EH context.
++ *
++ * RETURNS:
++ * 0 on success, -ENOENT if _GTM doesn't exist, -errno on failure.
++ */
++int ata_acpi_gtm(struct ata_port *ap, struct ata_acpi_gtm *gtm)
++{
++      if (ata_ap_acpi_handle(ap))
++              return __ata_acpi_gtm(ap, ata_ap_acpi_handle(ap), gtm);
++      else
++              return -EINVAL;
++}
++
+ EXPORT_SYMBOL_GPL(ata_acpi_gtm);
+ /**
+@@ -1080,7 +1089,7 @@ static int ata_acpi_bind_host(struct ata
+       if (!*handle)
+               return -ENODEV;
+-      if (ata_acpi_gtm(ap, &ap->__acpi_init_gtm) == 0)
++      if (__ata_acpi_gtm(ap, *handle, &ap->__acpi_init_gtm) == 0)
+               ap->pflags |= ATA_PFLAG_INIT_GTM_VALID;
+       return 0;
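Review bot: The new `ata_acpi_gtm` wrapper calls `ata_ap_acpi_handle(ap)` twice, once to test and once to pass the value, so the handle that was checked is not guaranteed to be the one that is used. Reading it once into a local is clearer: `acpi_handle handle = ata_ap_acpi_handle(ap);`, then `if (!handle) return -EINVAL;` and `return __ata_acpi_gtm(ap, handle, gtm);`. The kernel-doc moved onto the wrapper should also list `-EINVAL` for a port with no bound handle. `__ata_acpi_gtm` deserves a one-line comment saying that `handle` must be non-NULL and that `ap` is used only for the debug output, as the description states.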
diff --git a/queue-3.9/localmodconfig-process-source-kconfig-files-as-they-are-found.patch b/queue-3.9/localmodconfig-process-source-kconfig-files-as-they-are-found.patch
new file mode 100644 (file)
index 0000000..d8c3398
--- /dev/null
@@ -0,0 +1,96 @@
+From ced9cb1af1e3486cc14dca755a1b3fbadf06e90b Mon Sep 17 00:00:00 2001
+From: Steven Rostedt <rostedt@goodmis.org>
+Date: Mon, 29 Apr 2013 15:18:38 -0400
+Subject: localmodconfig: Process source kconfig files as they are found
+
+From: Steven Rostedt <rostedt@goodmis.org>
+
+commit ced9cb1af1e3486cc14dca755a1b3fbadf06e90b upstream.
+
+A bug was reported that caused localmodconfig to not keep all the
+dependencies of ATH9K. This was caused by the kconfig file:
+
+In drivers/net/wireless/ath/Kconfig:
+
+---
+if ATH_CARDS
+
+config ATH_DEBUG
+        bool "Atheros wireless debugging"
+        ---help---
+          Say Y, if you want to debug atheros wireless drivers.
+          Right now only ath9k makes use of this.
+
+source "drivers/net/wireless/ath/ath5k/Kconfig"
+source "drivers/net/wireless/ath/ath9k/Kconfig"
+source "drivers/net/wireless/ath/carl9170/Kconfig"
+source "drivers/net/wireless/ath/ath6kl/Kconfig"
+source "drivers/net/wireless/ath/ar5523/Kconfig"
+source "drivers/net/wireless/ath/wil6210/Kconfig"
+
+endif
+---
+
+The current way kconfig works, it processes new source files after the
+first file is completed. It creates an array of new source config files
+and when the one file is finished, it continues with the next file.
+
+Unfortunately, this means that it loses the fact that the source file is
+within an "if" statement, and this means that each of these source file's
+configs will not have the proper dependencies set.
+
+As ATH9K requires ATH_CARDS set, the localmodconfig did not see that
+dependency, and did not enable ATH_CARDS. When the oldconfig was run, it
+forced ATH9K to be disabled.
+
+Link: http://lkml.kernel.org/r/alpine.DEB.2.02.1304291022320.9234@oneiric
+
+Reported-by: Robert P. J. Day <rpjday@crashcourse.ca>
+Tested-by: Robert P. J. Day <rpjday@crashcourse.ca>
+Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ scripts/kconfig/streamline_config.pl |   17 +++++++----------
+ 1 file changed, 7 insertions(+), 10 deletions(-)
+
+--- a/scripts/kconfig/streamline_config.pl
++++ b/scripts/kconfig/streamline_config.pl
+@@ -156,7 +156,6 @@ sub read_kconfig {
+     my $state = "NONE";
+     my $config;
+-    my @kconfigs;
+     my $cont = 0;
+     my $line;
+@@ -190,7 +189,13 @@ sub read_kconfig {
+       # collect any Kconfig sources
+       if (/^source\s*"(.*)"/) {
+-          $kconfigs[$#kconfigs+1] = $1;
++          my $kconfig = $1;
++          # prevent reading twice.
++          if (!defined($read_kconfigs{$kconfig})) {
++              $read_kconfigs{$kconfig} = 1;
++              read_kconfig($kconfig);
++          }
++          next;
+       }
+       # configs found
+@@ -250,14 +255,6 @@ sub read_kconfig {
+       }
+     }
+     close($kinfile);
+-
+-    # read in any configs that were found.
+-    foreach my $kconfig (@kconfigs) {
+-      if (!defined($read_kconfigs{$kconfig})) {
+-          $read_kconfigs{$kconfig} = 1;
+-          read_kconfig($kconfig);
+-      }
+-    }
+ }
+ if ($kconfig) {
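Review bot: The recursive `read_kconfig($kconfig)` call now runs in the middle of the line loop, and the `source` match is done against `$_`, which is a global that the nested call's own loop will presumably overwrite. The `next;` right after the call keeps that harmless, but nothing says so, and a later edit that puts code between the call and `next` would read a clobbered `$_`. I would extend the comment to `# read the sourced file here so it is parsed inside the enclosing "if"; it clobbers $_, so go straight to the next line`. The loop header is outside the hunk, so the form of the read should be checked.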
diff --git a/queue-3.9/lockd-ensure-that-nlmclnt_block-resets-block-b_status-after-a-server-reboot.patch b/queue-3.9/lockd-ensure-that-nlmclnt_block-resets-block-b_status-after-a-server-reboot.patch
new file mode 100644 (file)
index 0000000..ce4e115
--- /dev/null
@@ -0,0 +1,51 @@
+From 1dfd89af8697a299e7982ae740d4695ecd917eef Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+Date: Sun, 21 Apr 2013 18:01:06 -0400
+Subject: LOCKD: Ensure that nlmclnt_block resets block->b_status after a server reboot
+
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+
+commit 1dfd89af8697a299e7982ae740d4695ecd917eef upstream.
+
+After a server reboot, the reclaimer thread will recover all the existing
+locks. For locks that are blocked, however, it will change the value
+of block->b_status to nlm_lck_denied_grace_period in order to signal that
+they need to wake up and resend the original blocking lock request.
+
+Due to a bug, however, the block->b_status never gets reset after the
+blocked locks have been woken up, and so the process goes into an
+infinite loop of resends until the blocked lock is satisfied.
+
+Reported-by: Marc Eshel <eshel@us.ibm.com>
+Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/lockd/clntlock.c |    3 +++
+ fs/lockd/clntproc.c |    3 ---
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+--- a/fs/lockd/clntlock.c
++++ b/fs/lockd/clntlock.c
+@@ -144,6 +144,9 @@ int nlmclnt_block(struct nlm_wait *block
+                       timeout);
+       if (ret < 0)
+               return -ERESTARTSYS;
++      /* Reset the lock status after a server reboot so we resend */
++      if (block->b_status == nlm_lck_denied_grace_period)
++              block->b_status = nlm_lck_blocked;
+       req->a_res.status = block->b_status;
+       return 0;
+ }
+--- a/fs/lockd/clntproc.c
++++ b/fs/lockd/clntproc.c
+@@ -550,9 +550,6 @@ again:
+               status = nlmclnt_block(block, req, NLMCLNT_POLL_TIMEOUT);
+               if (status < 0)
+                       break;
+-              /* Resend the blocking lock request after a server reboot */
+-              if (resp->status ==  nlm_lck_denied_grace_period)
+-                      continue;
+               if (resp->status != nlm_lck_blocked)
+                       break;
+       }
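Review bot: The added test-and-reset of `block->b_status` in `nlmclnt_block` runs with no lock visible in the hunk, while the description says the reclaimer thread writes the same field to `nlm_lck_denied_grace_period`. If the reclaimer can run between the reset and the copy into `req->a_res.status`, the grace-period status would reach the caller, which after the clntproc.c change no longer retries on it; please confirm which lock covers `b_status` and name it in the comment. The comment itself would read better as `/* server rebooted: report nlm_lck_blocked so the caller resends the lock request */`, since the resend is done by the loop in clntproc.c, which begins and ends outside its hunk.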
diff --git a/queue-3.9/md-bad-block-list-should-default-to-disabled.patch b/queue-3.9/md-bad-block-list-should-default-to-disabled.patch
new file mode 100644 (file)
index 0000000..76dd533
--- /dev/null
@@ -0,0 +1,61 @@
+From 486adf72ccc0c235754923d47a2270c5dcb0c98b Mon Sep 17 00:00:00 2001
+From: NeilBrown <neilb@suse.de>
+Date: Wed, 24 Apr 2013 11:42:44 +1000
+Subject: md: bad block list should default to disabled.
+
+From: NeilBrown <neilb@suse.de>
+
+commit 486adf72ccc0c235754923d47a2270c5dcb0c98b upstream.
+
+Maintenance of a bad-block-list currently defaults to 'enabled'
+and is then disabled when it cannot be supported.
+This is backwards and causes problem for dm-raid which didn't know
+to disable it.
+
+So fix the defaults, and only enabled for v1.x metadata which
+explicitly has bad blocks enabled.
+
+The problem with dm-raid has been present since badblock support was
+added in v3.1, so this patch is suitable for any -stable from 3.1
+onwards.
+
+Reported-by: Jonathan Brassow <jbrassow@redhat.com>
+Signed-off-by: NeilBrown <neilb@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/md/md.c |    9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+--- a/drivers/md/md.c
++++ b/drivers/md/md.c
+@@ -1564,8 +1564,8 @@ static int super_1_load(struct md_rdev *
+                                            sector, count, 1) == 0)
+                               return -EINVAL;
+               }
+-      } else if (sb->bblog_offset == 0)
+-              rdev->badblocks.shift = -1;
++      } else if (sb->bblog_offset != 0)
++              rdev->badblocks.shift = 0;
+       if (!refdev) {
+               ret = 1;
+@@ -3221,7 +3221,7 @@ int md_rdev_init(struct md_rdev *rdev)
+        * be used - I wonder if that matters
+        */
+       rdev->badblocks.count = 0;
+-      rdev->badblocks.shift = 0;
++      rdev->badblocks.shift = -1; /* disabled until explicitly enabled */
+       rdev->badblocks.page = kmalloc(PAGE_SIZE, GFP_KERNEL);
+       seqlock_init(&rdev->badblocks.lock);
+       if (rdev->badblocks.page == NULL)
+@@ -3293,9 +3293,6 @@ static struct md_rdev *md_import_device(
+                       goto abort_free;
+               }
+       }
+-      if (super_format == -1)
+-              /* hot-add for 0.90, or non-persistent: so no badblocks */
+-              rdev->badblocks.shift = -1;
+       return rdev;
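Review bot: In `super_1_load` the new branch `} else if (sb->bblog_offset != 0)` enables the bad-block list for a superblock that did not take the branch above it, and no comment says why a non-zero `bblog_offset` alone is enough. `bblog_offset` is read from the on-disk superblock, so the condition under which it is trusted should be spelled out; the opening `if` is outside the hunk and should be referred to in that comment. The unbraced `else if` after a braced block is also against kernel style; `} else if (sb->bblog_offset != 0) {` with a closing `}` would match. The `shift = 0` assignment would benefit from the same kind of inline comment that `md_rdev_init` now has on `-1`, e.g. `/* enabled */`.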
diff --git a/queue-3.9/md-ignore-discard-request-for-hard-disks-of-hybid-raid1-raid10-array.patch b/queue-3.9/md-ignore-discard-request-for-hard-disks-of-hybid-raid1-raid10-array.patch
new file mode 100644 (file)
index 0000000..e498540
--- /dev/null
@@ -0,0 +1,56 @@
+From 32f9f570d04461a41bdcd5c1d93b41ebc5ce182a Mon Sep 17 00:00:00 2001
+From: Shaohua Li <shli@kernel.org>
+Date: Sun, 28 Apr 2013 18:26:38 +0800
+Subject: MD: ignore discard request for hard disks of hybid raid1/raid10 array
+
+From: Shaohua Li <shli@kernel.org>
+
+commit 32f9f570d04461a41bdcd5c1d93b41ebc5ce182a upstream.
+
+In SSD/hard disk hybid storage, discard request should be ignored for hard
+disk. We used to be doing this way, but the unplug path forgets it.
+
+This is suitable for stable tree since v3.6.
+
+Reported-and-tested-by: Markus <M4rkusXXL@web.de>
+Signed-off-by: Shaohua Li <shli@fusionio.com>
+Signed-off-by: NeilBrown <neilb@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/md/raid1.c  |    7 ++++++-
+ drivers/md/raid10.c |    7 ++++++-
+ 2 files changed, 12 insertions(+), 2 deletions(-)
+
+--- a/drivers/md/raid1.c
++++ b/drivers/md/raid1.c
+@@ -981,7 +981,12 @@ static void raid1_unplug(struct blk_plug
+       while (bio) { /* submit pending writes */
+               struct bio *next = bio->bi_next;
+               bio->bi_next = NULL;
+-              generic_make_request(bio);
++              if (unlikely((bio->bi_rw & REQ_DISCARD) &&
++                  !blk_queue_discard(bdev_get_queue(bio->bi_bdev))))
++                      /* Just ignore it */
++                      bio_endio(bio, 0);
++              else
++                      generic_make_request(bio);
+               bio = next;
+       }
+       kfree(plug);
+--- a/drivers/md/raid10.c
++++ b/drivers/md/raid10.c
+@@ -1133,7 +1133,12 @@ static void raid10_unplug(struct blk_plu
+       while (bio) { /* submit pending writes */
+               struct bio *next = bio->bi_next;
+               bio->bi_next = NULL;
+-              generic_make_request(bio);
++              if (unlikely((bio->bi_rw & REQ_DISCARD) &&
++                  !blk_queue_discard(bdev_get_queue(bio->bi_bdev))))
++                      /* Just ignore it */
++                      bio_endio(bio, 0);
++              else
++                      generic_make_request(bio);
+               bio = next;
+       }
+       kfree(plug);
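Review bot: The same discard test is added verbatim to `raid1_unplug` and `raid10_unplug`, and in both a multi-line condition guards unbraced branches with a comment in between, which is easy to misread. Bracing both arms, `if (...) {` and `} else {`, would follow kernel style for multi-line bodies. The comment `/* Just ignore it */` could say what is reported: `/* member device cannot discard: complete the bio as success without submitting it */`, since `bio_endio(bio, 0)` tells the submitter the discard succeeded. If the normal write path mentioned in the description has the same test, a small shared helper would keep the copies from drifting apart.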
diff --git a/queue-3.9/mm-swap-mark-swap-pages-writeback-before-queueing-for-direct-io.patch b/queue-3.9/mm-swap-mark-swap-pages-writeback-before-queueing-for-direct-io.patch
new file mode 100644 (file)
index 0000000..2b0b023
--- /dev/null
@@ -0,0 +1,93 @@
+From 0cdc444a67ccdbd58bfbcba865cb17a9f17a7691 Mon Sep 17 00:00:00 2001
+From: Mel Gorman <mgorman@suse.de>
+Date: Mon, 29 Apr 2013 15:08:48 -0700
+Subject: mm: swap: mark swap pages writeback before queueing for direct IO
+
+From: Mel Gorman <mgorman@suse.de>
+
+commit 0cdc444a67ccdbd58bfbcba865cb17a9f17a7691 upstream.
+
+As pointed out by Andrew Morton, the swap-over-NFS writeback is not
+setting PageWriteback before it is queued for direct IO.  While swap
+pages do not participate in BDI or process dirty accounting and the IO
+is synchronous, the writeback bit is still required and not setting it
+in this case was an oversight.  swapoff depends on the page writeback to
+synchronoise all pending writes on a swap page before it is reused.
+Swapcache freeing and reuse depend on checking the PageWriteback under
+lock to ensure the page is safe to reuse.
+
+Direct IO handlers and the direct IO handler for NFS do not deal with
+PageWriteback as they are synchronous writes.  In the case of NFS, it
+schedules pages (or a page in the case of swap) for IO and then waits
+synchronously for IO to complete in nfs_direct_write().  It is
+recognised that this is a slowdown from normal swap handling which is
+asynchronous and uses a completion handler.  Shoving PageWriteback
+handling down into direct IO handlers looks like a bad fit to handle the
+swap case although it may have to be dealt with some day if swap is
+converted to use direct IO in general and bmap is finally done away
+with.  At that point it will be necessary to refit asynchronous direct
+IO with completion handlers onto the swap subsystem.
+
+As swapcache currently depends on PageWriteback to protect against
+races, this patch sets PageWriteback under the page lock before queueing
+it for direct IO.  It is cleared when the direct IO handler returns.  IO
+errors are treated similarly to the direct-to-bio case except PageError
+is not set as in the case of swap-over-NFS, it is likely to be a
+transient error.
+
+It was asked what prevents such a page being reclaimed in parallel.
+With this patch applied, such a page will now be skipped (most of the
+time) or blocked until the writeback completes.  Reclaim checks
+PageWriteback under the page lock before calling try_to_free_swap and
+the page lock should prevent the page being requeued for IO before it is
+freed.
+
+This and Jerome's related patch should considered for -stable as far
+back as 3.6 when swap-over-NFS was introduced.
+
+[akpm@linux-foundation.org: use pr_err_ratelimited()]
+[akpm@linux-foundation.org: remove hopefully-unneeded cast in printk]
+Signed-off-by: Mel Gorman <mgorman@suse.de>
+Cc: Jerome Marchand <jmarchan@redhat.com>
+Cc: Hugh Dickins <hughd@google.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/page_io.c |   15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+--- a/mm/page_io.c
++++ b/mm/page_io.c
+@@ -214,6 +214,7 @@ int swap_writepage(struct page *page, st
+               kiocb.ki_left = PAGE_SIZE;
+               kiocb.ki_nbytes = PAGE_SIZE;
++              set_page_writeback(page);
+               unlock_page(page);
+               ret = mapping->a_ops->direct_IO(KERNEL_WRITE,
+                                               &kiocb, &iov,
+@@ -223,8 +224,22 @@ int swap_writepage(struct page *page, st
+                       count_vm_event(PSWPOUT);
+                       ret = 0;
+               } else {
++                      /*
++                       * In the case of swap-over-nfs, this can be a
++                       * temporary failure if the system has limited
++                       * memory for allocating transmit buffers.
++                       * Mark the page dirty and avoid
++                       * rotate_reclaimable_page but rate-limit the
++                       * messages but do not flag PageError like
++                       * the normal direct-to-bio case as it could
++                       * be temporary.
++                       */
+                       set_page_dirty(page);
++                      ClearPageReclaim(page);
++                      pr_err_ratelimited("Write error on dio swapfile (%Lu)\n",
++                              page_file_offset(page));
+               }
++              end_page_writeback(page);
+               return ret;
+       }
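Review bot: In the error branch of `swap_writepage`, the `pr_err_ratelimited` call prints `page_file_offset(page)` with `%Lu`, an unsigned conversion; if that function returns a signed `loff_t` (its prototype is outside the hunk), `%lld` is the matching specifier. The block comment above `set_page_dirty(page)` is hard to follow because of the repeated "but"; it could be split into two sentences, one on why the page is redirtied and kept away from `rotate_reclaimable_page`, one on why PageError is not set. The `if` that selects this branch is above the hunk, so it is worth confirming that a short write does not leave a positive `ret` to be returned after `end_page_writeback(page)`.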
diff --git a/queue-3.9/nfsd-decode-and-send-64bit-time-values.patch b/queue-3.9/nfsd-decode-and-send-64bit-time-values.patch
new file mode 100644 (file)
index 0000000..42632a9
--- /dev/null
@@ -0,0 +1,76 @@
+From bf8d909705e9d9bac31d9b8eac6734d2b51332a7 Mon Sep 17 00:00:00 2001
+From: Bryan Schumaker <bjschuma@netapp.com>
+Date: Fri, 19 Apr 2013 16:09:38 -0400
+Subject: nfsd: Decode and send 64bit time values
+
+From: Bryan Schumaker <bjschuma@netapp.com>
+
+commit bf8d909705e9d9bac31d9b8eac6734d2b51332a7 upstream.
+
+The seconds field of an nfstime4 structure is 64bit, but we are assuming
+that the first 32bits are zero-filled.  So if the client tries to set
+atime to a value before the epoch (touch -t 196001010101), then the
+server will save the wrong value on disk.
+
+Signed-off-by: Bryan Schumaker <bjschuma@netapp.com>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfsd/nfs4xdr.c |   19 +++++--------------
+ 1 file changed, 5 insertions(+), 14 deletions(-)
+
+--- a/fs/nfsd/nfs4xdr.c
++++ b/fs/nfsd/nfs4xdr.c
+@@ -344,10 +344,7 @@ nfsd4_decode_fattr(struct nfsd4_compound
+                          all 32 bits of 'nseconds'. */
+                       READ_BUF(12);
+                       len += 12;
+-                      READ32(dummy32);
+-                      if (dummy32)
+-                              return nfserr_inval;
+-                      READ32(iattr->ia_atime.tv_sec);
++                      READ64(iattr->ia_atime.tv_sec);
+                       READ32(iattr->ia_atime.tv_nsec);
+                       if (iattr->ia_atime.tv_nsec >= (u32)1000000000)
+                               return nfserr_inval;
+@@ -370,10 +367,7 @@ nfsd4_decode_fattr(struct nfsd4_compound
+                          all 32 bits of 'nseconds'. */
+                       READ_BUF(12);
+                       len += 12;
+-                      READ32(dummy32);
+-                      if (dummy32)
+-                              return nfserr_inval;
+-                      READ32(iattr->ia_mtime.tv_sec);
++                      READ64(iattr->ia_mtime.tv_sec);
+                       READ32(iattr->ia_mtime.tv_nsec);
+                       if (iattr->ia_mtime.tv_nsec >= (u32)1000000000)
+                               return nfserr_inval;
+@@ -2401,8 +2395,7 @@ out_acl:
+       if (bmval1 & FATTR4_WORD1_TIME_ACCESS) {
+               if ((buflen -= 12) < 0)
+                       goto out_resource;
+-              WRITE32(0);
+-              WRITE32(stat.atime.tv_sec);
++              WRITE64((s64)stat.atime.tv_sec);
+               WRITE32(stat.atime.tv_nsec);
+       }
+       if (bmval1 & FATTR4_WORD1_TIME_DELTA) {
+@@ -2415,15 +2408,13 @@ out_acl:
+       if (bmval1 & FATTR4_WORD1_TIME_METADATA) {
+               if ((buflen -= 12) < 0)
+                       goto out_resource;
+-              WRITE32(0);
+-              WRITE32(stat.ctime.tv_sec);
++              WRITE64((s64)stat.ctime.tv_sec);
+               WRITE32(stat.ctime.tv_nsec);
+       }
+       if (bmval1 & FATTR4_WORD1_TIME_MODIFY) {
+               if ((buflen -= 12) < 0)
+                       goto out_resource;
+-              WRITE32(0);
+-              WRITE32(stat.mtime.tv_sec);
++              WRITE64((s64)stat.mtime.tv_sec);
+               WRITE32(stat.mtime.tv_nsec);
+       }
+       if (bmval1 & FATTR4_WORD1_MOUNTED_ON_FILEID) {
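Review bot: The `READ64(iattr->ia_atime.tv_sec);` and `READ64(iattr->ia_mtime.tv_sec);` lines in nfsd4_decode_fattr now store a client-supplied 64-bit seconds value with no range check, where the removed code refused a non-zero upper word with `nfserr_inval`. If `tv_sec` is narrower than 64 bits on any supported build (its type is not visible here), the upper word would be dropped silently instead of being rejected. It is worth confirming the field width, or decoding into an `s64` temporary and returning `nfserr_inval` when the value does not survive the assignment. The comment whose tail is visible above `READ_BUF(12)` ("all 32 bits of 'nseconds'") starts outside the hunk and probably still describes the old zero-upper-word requirement, so it should be updated to say the full 64-bit seconds field is decoded. The function body starts and ends outside these hunks.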
diff --git a/queue-3.9/nfsd-don-t-run-get_file-if-nfs4_preprocess_stateid_op-return-error.patch b/queue-3.9/nfsd-don-t-run-get_file-if-nfs4_preprocess_stateid_op-return-error.patch
new file mode 100644 (file)
index 0000000..fdca509
--- /dev/null
@@ -0,0 +1,41 @@
+From b022032e195ffca83d7002d6b84297d796ed443b Mon Sep 17 00:00:00 2001
+From: fanchaoting <fanchaoting@cn.fujitsu.com>
+Date: Mon, 1 Apr 2013 21:07:22 +0800
+Subject: nfsd: don't run get_file if nfs4_preprocess_stateid_op return error
+
+From: fanchaoting <fanchaoting@cn.fujitsu.com>
+
+commit b022032e195ffca83d7002d6b84297d796ed443b upstream.
+
+we should return error status directly when nfs4_preprocess_stateid_op
+return error.
+
+Signed-off-by: fanchaoting <fanchaoting@cn.fujitsu.com>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfsd/nfs4proc.c |    8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/fs/nfsd/nfs4proc.c
++++ b/fs/nfsd/nfs4proc.c
+@@ -931,14 +931,14 @@ nfsd4_write(struct svc_rqst *rqstp, stru
+       nfs4_lock_state();
+       status = nfs4_preprocess_stateid_op(SVC_NET(rqstp),
+                                       cstate, stateid, WR_STATE, &filp);
+-      if (filp)
+-              get_file(filp);
+-      nfs4_unlock_state();
+-
+       if (status) {
++              nfs4_unlock_state();
+               dprintk("NFSD: nfsd4_write: couldn't process stateid!\n");
+               return status;
+       }
++      if (filp)
++              get_file(filp);
++      nfs4_unlock_state();
+       cnt = write->wr_buflen;
+       write->wr_how_written = write->wr_stable_how;
diff --git a/queue-3.9/nfsd-use-kmem_cache_free-instead-of-kfree.patch b/queue-3.9/nfsd-use-kmem_cache_free-instead-of-kfree.patch
new file mode 100644 (file)
index 0000000..c42ba3f
--- /dev/null
@@ -0,0 +1,31 @@
+From 2c44a23471d048118e49b616d08df0729cdbd9f1 Mon Sep 17 00:00:00 2001
+From: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
+Date: Tue, 9 Apr 2013 14:15:31 +0800
+Subject: nfsd: use kmem_cache_free() instead of kfree()
+
+From: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
+
+commit 2c44a23471d048118e49b616d08df0729cdbd9f1 upstream.
+
+memory allocated by kmem_cache_alloc() should be freed using
+kmem_cache_free(), not kfree().
+
+Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfsd/nfs4state.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/nfsd/nfs4state.c
++++ b/fs/nfsd/nfs4state.c
+@@ -261,7 +261,7 @@ kmem_cache *slab)
+               min_stateid = 0;
+       return stid;
+ out_free:
+-      kfree(stid);
++      kmem_cache_free(slab, stid);
+       return NULL;
+ }
diff --git a/queue-3.9/nfsd4-don-t-close-read-write-opens-too-soon.patch b/queue-3.9/nfsd4-don-t-close-read-write-opens-too-soon.patch
new file mode 100644 (file)
index 0000000..3f785af
--- /dev/null
@@ -0,0 +1,40 @@
+From 0c7c3e67ab91ec6caa44bdf1fc89a48012ceb0c5 Mon Sep 17 00:00:00 2001
+From: "J. Bruce Fields" <bfields@redhat.com>
+Date: Thu, 28 Mar 2013 20:37:14 -0400
+Subject: nfsd4: don't close read-write opens too soon
+
+From: "J. Bruce Fields" <bfields@redhat.com>
+
+commit 0c7c3e67ab91ec6caa44bdf1fc89a48012ceb0c5 upstream.
+
+Don't actually close any opens until we don't need them at all.
+
+This means being left with write access when it's not really necessary,
+but that's better than putting a file that might still have posix locks
+held on it, as we have been.
+
+Reported-by: Toralf Förster <toralf.foerster@gmx.de>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfsd/nfs4state.c |    8 +-------
+ 1 file changed, 1 insertion(+), 7 deletions(-)
+
+--- a/fs/nfsd/nfs4state.c
++++ b/fs/nfsd/nfs4state.c
+@@ -210,13 +210,7 @@ static void __nfs4_file_put_access(struc
+ {
+       if (atomic_dec_and_test(&fp->fi_access[oflag])) {
+               nfs4_file_put_fd(fp, oflag);
+-              /*
+-               * It's also safe to get rid of the RDWR open *if*
+-               * we no longer have need of the other kind of access
+-               * or if we already have the other kind of open:
+-               */
+-              if (fp->fi_fds[1-oflag]
+-                      || atomic_read(&fp->fi_access[1 - oflag]) == 0)
++              if (atomic_read(&fp->fi_access[1 - oflag]) == 0)
+                       nfs4_file_put_fd(fp, O_RDWR);
+       }
+ }
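Review bot: The new condition `if (atomic_read(&fp->fi_access[1 - oflag]) == 0)` in __nfs4_file_put_access is left without a comment, while the removed block comment was the only in-code explanation of when the O_RDWR descriptor may be released. The reason given in the commit message belongs next to the test, for example `/* Keep the O_RDWR open until neither access mode is in use; the file may still have posix locks held on it. */` placed above the `if`. Without it, the dropped `fp->fi_fds[1-oflag]` test reads like an omission and could be reintroduced by a later cleanup.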
diff --git a/queue-3.9/nfsv4-handle-nfs4err_delay-and-nfs4err_grace-in-nfs4_lock_delegation_recall.patch b/queue-3.9/nfsv4-handle-nfs4err_delay-and-nfs4err_grace-in-nfs4_lock_delegation_recall.patch
new file mode 100644 (file)
index 0000000..1ece060
--- /dev/null
@@ -0,0 +1,36 @@
+From dbb21c25a35a71baf413f5176f028ee11b88cfbc Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+Date: Mon, 1 Apr 2013 14:27:29 -0400
+Subject: NFSv4: Handle NFS4ERR_DELAY and NFS4ERR_GRACE in nfs4_lock_delegation_recall
+
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+
+commit dbb21c25a35a71baf413f5176f028ee11b88cfbc upstream.
+
+A server shouldn't normally return NFS4ERR_GRACE if the client holds a
+delegation, since no conflicting lock reclaims can be granted, however
+the spec does not require the server to grant the lock in this
+instance.
+
+Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfs/nfs4proc.c |    6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/fs/nfs/nfs4proc.c
++++ b/fs/nfs/nfs4proc.c
+@@ -5025,6 +5025,12 @@ int nfs4_lock_delegation_recall(struct n
+                               nfs4_schedule_stateid_recovery(server, state);
+                               err = 0;
+                               goto out;
++                      case -NFS4ERR_DELAY:
++                      case -NFS4ERR_GRACE:
++                              set_bit(NFS_DELEGATED_STATE, &state->flags);
++                              ssleep(1);
++                              err = -EAGAIN;
++                              goto out;
+                       case -ENOMEM:
+                       case -NFS4ERR_DENIED:
+                               /* kill_proc(fl->fl_pid, SIGLOST, 1); */
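Review bot: The added `case -NFS4ERR_DELAY:` / `case -NFS4ERR_GRACE:` arm in nfs4_lock_delegation_recall sleeps with `ssleep(1)` and returns `-EAGAIN`, but nothing in the hunk says who retries or how often. If the caller retries without a bound (the caller is outside this hunk), a server that keeps answering NFS4ERR_DELAY would hold the recall path in one-second sleeps indefinitely, so the retry policy should be confirmed and stated. A short comment would also explain why the flag is set again before returning, e.g. `/* server busy or in grace: keep the state marked delegated and let the caller retry */`. The same arm is added to nfs4_open_delegation_recall in the following patch and the point applies there too; both switch statements start outside their hunks.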
diff --git a/queue-3.9/nfsv4-handle-nfs4err_delay-and-nfs4err_grace-in-nfs4_open_delegation_recall.patch b/queue-3.9/nfsv4-handle-nfs4err_delay-and-nfs4err_grace-in-nfs4_open_delegation_recall.patch
new file mode 100644 (file)
index 0000000..ac9b3a8
--- /dev/null
@@ -0,0 +1,36 @@
+From 8b6cc4d6f841d31f72fe7478453759166d366274 Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+Date: Mon, 1 Apr 2013 15:34:05 -0400
+Subject: NFSv4: Handle NFS4ERR_DELAY and NFS4ERR_GRACE in nfs4_open_delegation_recall
+
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+
+commit 8b6cc4d6f841d31f72fe7478453759166d366274 upstream.
+
+A server shouldn't normally return NFS4ERR_GRACE if the client holds a
+delegation, since no conflicting lock reclaims can be granted, however
+the spec does not require the server to grant the open in this
+instance
+
+Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfs/nfs4proc.c |    6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/fs/nfs/nfs4proc.c
++++ b/fs/nfs/nfs4proc.c
+@@ -1380,6 +1380,12 @@ int nfs4_open_delegation_recall(struct n
+                       case -ENOMEM:
+                               err = 0;
+                               goto out;
++                      case -NFS4ERR_DELAY:
++                      case -NFS4ERR_GRACE:
++                              set_bit(NFS_DELEGATED_STATE, &state->flags);
++                              ssleep(1);
++                              err = -EAGAIN;
++                              goto out;
+               }
+               set_bit(NFS_DELEGATED_STATE, &state->flags);
+               err = nfs4_handle_exception(server, err, &exception);
diff --git a/queue-3.9/sata_highbank-rename-proc_name-to-the-module-name.patch b/queue-3.9/sata_highbank-rename-proc_name-to-the-module-name.patch
new file mode 100644 (file)
index 0000000..58cd848
--- /dev/null
@@ -0,0 +1,34 @@
+From 2cc1144a31f76d4a9fb48bec5d6ba1359f980813 Mon Sep 17 00:00:00 2001
+From: Robert Richter <robert.richter@calxeda.com>
+Date: Tue, 30 Apr 2013 18:57:18 +0200
+Subject: sata_highbank: Rename proc_name to the module name
+
+From: Robert Richter <robert.richter@calxeda.com>
+
+commit 2cc1144a31f76d4a9fb48bec5d6ba1359f980813 upstream.
+
+mkinitrd looks at /sys/class/scsi_host/host$hostnum/proc_name to find
+the module name of a disk driver. Current name is "highbank-ahci" but
+the module is "sata_highbank". Rename it to match the module name.
+
+Signed-off-by: Robert Richter <robert.richter@calxeda.com>
+Cc: Rob Herring <rob.herring@calxeda.com>
+Cc: Alexander Graf <agraf@suse.de>
+Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/ata/sata_highbank.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/ata/sata_highbank.c
++++ b/drivers/ata/sata_highbank.c
+@@ -251,7 +251,7 @@ static const struct ata_port_info ahci_h
+ };
+ static struct scsi_host_template ahci_highbank_platform_sht = {
+-      AHCI_SHT("highbank-ahci"),
++      AHCI_SHT("sata_highbank"),
+ };
+ static const struct of_device_id ahci_of_match[] = {
index 57fcf939aa255af5295e8c38c4f29d3fcd48c416..2586b4ef0746758d409367e9fcc55ea6e35da231 100644 (file)
@@ -65,3 +65,32 @@ alsa-usb-adjust-for-changed-3.8-usb-api.patch
 alsa-hda-fix-aamix-activation-with-loopback-control-on-via-codecs.patch
 alsa-hda-add-the-support-for-alc286-codec.patch
 arm-7702-1-set-the-page-table-freeing-ceiling-to-task_size.patch
+asoc-max98088-fix-logging-of-hardware-revision.patch
+hrtimer-fix-ktime_add_ns-overflow-on-32bit-architectures.patch
+hrtimer-add-expiry-time-overflow-check-in-hrtimer_interrupt.patch
+swap-redirty-page-if-page-write-fails-on-swap-file.patch
+mm-swap-mark-swap-pages-writeback-before-queueing-for-direct-io.patch
+drivers-rtc-rtc-cmos.c-don-t-disable-hpet-emulation-on-suspend.patch
+drivers-rtc-rtc-at91rm9200.c-fix-missing-iounmap.patch
+libata-acpi-make-ata_ap_acpi_handle-not-block.patch
+acpi-fix-wrong-parameter-passed-to-memblock_reserve.patch
+acpi-thermal-do-not-always-return-thermal_trend_raising-for-active-trip-points.patch
+cgroup-fix-an-off-by-one-bug-which-may-trigger-bug_on.patch
+cgroup-fix-broken-file-xattrs.patch
+localmodconfig-process-source-kconfig-files-as-they-are-found.patch
+clockevents-set-dummy-handler-on-cpu_dead-shutdown.patch
+sata_highbank-rename-proc_name-to-the-module-name.patch
+inotify-invalid-mask-should-return-a-error-number-but-not-set-it.patch
+fs-dcache.c-add-cond_resched-to-shrink_dcache_parent.patch
+exec-do-not-abuse-cred_guard_mutex-in-threadgroup_lock.patch
+lockd-ensure-that-nlmclnt_block-resets-block-b_status-after-a-server-reboot.patch
+md-bad-block-list-should-default-to-disabled.patch
+md-ignore-discard-request-for-hard-disks-of-hybid-raid1-raid10-array.patch
+nfsv4-handle-nfs4err_delay-and-nfs4err_grace-in-nfs4_lock_delegation_recall.patch
+nfsv4-handle-nfs4err_delay-and-nfs4err_grace-in-nfs4_open_delegation_recall.patch
+nfsd4-don-t-close-read-write-opens-too-soon.patch
+nfsd-don-t-run-get_file-if-nfs4_preprocess_stateid_op-return-error.patch
+nfsd-use-kmem_cache_free-instead-of-kfree.patch
+nfsd-decode-and-send-64bit-time-values.patch
+wireless-regulatory-fix-channel-disabling-race-condition.patch
+ipc-sysv-shared-memory-limited-to-8tib.patch
diff --git a/queue-3.9/swap-redirty-page-if-page-write-fails-on-swap-file.patch b/queue-3.9/swap-redirty-page-if-page-write-fails-on-swap-file.patch
new file mode 100644 (file)
index 0000000..83c3c4b
--- /dev/null
@@ -0,0 +1,42 @@
+From 2d30d31ea3c5be426ce25607b9bd1835acb85e0a Mon Sep 17 00:00:00 2001
+From: Jerome Marchand <jmarchan@redhat.com>
+Date: Mon, 29 Apr 2013 15:08:47 -0700
+Subject: swap: redirty page if page write fails on swap file
+
+From: Jerome Marchand <jmarchan@redhat.com>
+
+commit 2d30d31ea3c5be426ce25607b9bd1835acb85e0a upstream.
+
+Since commit 62c230bc1790 ("mm: add support for a filesystem to activate
+swap files and use direct_IO for writing swap pages"), swap_writepage()
+calls direct_IO on swap files.  However, in that case the page isn't
+redirtied if I/O fails, and is therefore handled afterwards as if it has
+been successfully written to the swap file, leading to memory corruption
+when the page is eventually swapped back in.
+
+This patch sets the page dirty when direct_IO() fails.  It fixes a
+memory corruption that happened while using swap-over-NFS.
+
+Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
+Acked-by: Johannes Weiner <hannes@cmpxchg.org>
+Acked-by: Mel Gorman <mgorman@suse.de>
+Cc: Hugh Dickins <hughd@google.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/page_io.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/mm/page_io.c
++++ b/mm/page_io.c
+@@ -222,6 +222,8 @@ int swap_writepage(struct page *page, st
+               if (ret == PAGE_SIZE) {
+                       count_vm_event(PSWPOUT);
+                       ret = 0;
++              } else {
++                      set_page_dirty(page);
+               }
+               return ret;
+       }
diff --git a/queue-3.9/wireless-regulatory-fix-channel-disabling-race-condition.patch b/queue-3.9/wireless-regulatory-fix-channel-disabling-race-condition.patch
new file mode 100644 (file)
index 0000000..df444e3
--- /dev/null
@@ -0,0 +1,39 @@
+From 990de49f74e772b6db5208457b7aa712a5f4db86 Mon Sep 17 00:00:00 2001
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Tue, 16 Apr 2013 14:32:26 +0200
+Subject: wireless: regulatory: fix channel disabling race condition
+
+From: Johannes Berg <johannes.berg@intel.com>
+
+commit 990de49f74e772b6db5208457b7aa712a5f4db86 upstream.
+
+When a full scan 2.4 and 5 GHz scan is scheduled, but then the 2.4 GHz
+part of the scan disables a 5.2 GHz channel due to, e.g. receiving
+country or frequency information, that 5.2 GHz channel might already
+be in the list of channels to scan next. Then, when the driver checks
+if it should do a passive scan, that will return false and attempt an
+active scan. This is not only wrong but can also lead to the iwlwifi
+device firmware crashing since it checks regulatory as well.
+
+Fix this by not setting the channel flags to just disabled but rather
+OR'ing in the disabled flag. That way, even if the race happens, the
+channel will be scanned passively which is still (mostly) correct.
+
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/wireless/reg.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/wireless/reg.c
++++ b/net/wireless/reg.c
+@@ -855,7 +855,7 @@ static void handle_channel(struct wiphy
+                       return;
+               REG_DBG_PRINT("Disabling freq %d MHz\n", chan->center_freq);
+-              chan->flags = IEEE80211_CHAN_DISABLED;
++              chan->flags |= IEEE80211_CHAN_DISABLED;
+               return;
+       }